KR101278075B1 - Playing apparatus, method and apparatus for manufacturing information recording medium, recording medium, and authoring apparatus - Google Patents

Abstract

An information processing apparatus for reproducing content recorded on an information recording medium includes a data conversion processor that performs a substitution process on content configuration data recorded on the information recording medium. The data conversion processor replaces the content configuration data according to the conversion table having the recording position information of the conversion data using the conversion data as the replacement data.

Conversion table, exclusive OR operation, replacement data, broken data, content composition data

Description

Reproduction apparatus, information recording medium manufacturing apparatus and method, recording medium and authoring apparatus {PLAYING APPARATUS, METHOD AND APPARATUS FOR MANUFACTURING INFORMATION RECORDING MEDIUM, RECORDING MEDIUM, AND AUTHORING APPARATUS}

The present invention relates to an information processing method and apparatus, an information recording medium manufacturing method and apparatus, an information recording medium, and a computer program, and more particularly, by data conversion processing for various contents to be used and managed. An information processing method and apparatus for realizing strict content use and management without using contents, a method and apparatus for manufacturing an information recording medium, an information recording medium, and a computer program.

Audio data such as music, image data such as movies, game programs, various software data including various software programs (hereinafter, these are referred to as contents) include a blue-ray disc using a blue laser, DVD, MD It can be stored as digital data on recording media including (Mini Disc) and CD (Compact Disc). In particular, a Blu-ray disc using a blue laser is a disc capable of high density recording, and can record a large amount of video content and the like as high definition data.

These various information recording media storing digital contents are provided to users, and each user reproduces and uses the contents in a playback device such as a personal computer (PC) and a disc player.

Many contents, such as music data and image data, are generally owned by the creator or seller. Therefore, for the distribution of these contents, it is common to adopt a configuration that allows certain usage restrictions, that is, the use of the contents only for regular users, and unauthorized copying or the like is not performed.

Currently, digital recording devices and recording media are widely used. Since the digital recording device and the recording medium can repeat recording or reproducing without deteriorating an image or an audio, distribution of illegal copy contents via the Internet, distribution of so-called pirated discs copying the contents to CD-Rs, PCs, etc. There is a problem that the use of pirated content stored in the hard disk of the.

A large-capacity recording medium such as a DVD or a recording medium using a blue laser, which has been recently developed, can record a large amount of data of, for example, one to several movies as digital information on one medium. In view of the fact that it is easy to record video information and the like as digital information, it is more important to protect copyright holders by preventing illegal copying. In recent years, in order to prevent such illegal copying of digital data, various techniques for preventing illegal copying in digital recording devices and recording media have been integrated. Such a technique is disclosed in Japanese Patent Application No. 11-39220.

For example, a content scramble system (CSS) is used in a DVD player. In the content scramble system, since video data or audio data is encrypted and recorded in, for example, a DVD-ROM (Read Only Memory), content reproduction can be performed by releasing data from scramble.

In the descrambling process, only a licensed DVD player is provided with a key for decrypting the encrypted data. The license is granted to a DVD player designed to comply with certain operating rules, such as not making an illegal copy. Therefore, in a licensed DVD player, it is possible to reproduce images and audio from the DVD-ROM by decrypting the encrypted data recorded on the DVD-ROM using specific data such as a given key.

On the other hand, a DVD player without a license does not have specific data such as a key for decrypting the encrypted data, and thus cannot reproduce the encrypted data recorded on the DVD-ROM. As described above, in the content scramble system, a DVD player that does not meet the conditions required at the time of the license cannot reproduce digital data from the DVD-ROM, thereby preventing unauthorized copying.

However, in such a content scramble system, there exists a problem that the processing load on the information processing apparatus side as a user device which performs a reproduction process becomes high. In addition, many existing content scramble systems have already been decoded and the decryption method is distributed through communication means such as the Internet. As described above, once the scramble method is decrypted, the content is unjustly reproduced and copied by an illegal scramble release process, which causes a problem of infringement of copyright and usage rights of the content. If the scramble method is decrypted, then a particular device may be revoked. It is necessary to obtain information about which device to invalidate.

SUMMARY OF THE INVENTION The present invention has been made in view of such a situation, and performs data conversion processing mainly for data replacement, thereby reducing the load on the information processing apparatus side, controlling the illegal use of content, and allowing authorized use for the device. It is an object of the present invention to provide an information processing method and apparatus for identifying a device, an information recording medium manufacturing method and apparatus, an information recording medium, and a computer program.

According to an embodiment of the present invention, an information processing apparatus for reproducing contents recorded on an information recording medium includes a data conversion processor for performing substitution processing on content member data recorded on the information recording medium. And the data conversion processor replaces the content configuration data according to a fix-up table having recorded position information of the converted data, using the converted data as replacement data.

Preferably, the data conversion processor replaces broken data different from the authorized content recorded on the information recording medium with converted data including the legitimate content data.

The data conversion processor may replace part of the content recorded on the information recording medium with converted data including data for analyzing a configuration bit of identification information for identifying one of a content reproducing apparatus and a content reproducing application program. have.

The data conversion processor executes an arithmetic process or a ciphering process that applies different parameters to a partial fix-up table having conversion data corresponding to only a part of the content configuration data, so as to replace the data as the replacement data. The converted data can also be obtained.

The data conversion processor acquires the converted data as the replacement data by performing an exclusive OR operation which applies different parameters to a partial conversion table having conversion data corresponding to only a part of the content configuration data. You may.

Preferably, the data conversion processor executes the calculation process for calculating the different parameter as an intermittent process in synchronization with a reproduction process for reproducing the content or an output process for outputting the content externally. The conversion data corresponding to the different content configuration data is acquired through arithmetic processing or encryption processing executed according to the calculated different parameters.

The data conversion processor may execute the parameter calculation processing by a virtual machine.

Preferably, the data conversion processor acquires the conversion table from the information recording medium on which the content is recorded, and records the converted data as the replacement data and recording position information of the converted data based on the conversion table. Analyze

Preferably, the data conversion processor continuously acquires a partition conversion table distributed in a configuration packet of the content recorded on the information recording medium, and corresponds to only a part of the content configuration data from the partition conversion table. The conversion data as the replacement data and recording position information of the conversion data are acquired.

The information processing apparatus further includes a decoding processor that performs decoding processing on the content recorded on the information recording medium, and the data conversion processor converts the content configuration data of the decoded content from the decoding processor. It may be substituted with data.

According to another embodiment of the present invention, an apparatus for manufacturing an information recording medium has contents including broken data different from the legitimate contents composition data, and conversion data as the legitimate contents composition data to be substituted for the broken data. A data processor for generating a data conversion program including a conversion table having setting positional information on the contents of said conversion data, and an execution command used in the substitution processing for the content configuration data to which said conversion table is applied, and said broken data. And a data recorder for recording the included contents, the conversion table, and the data conversion program on an information recording medium.

Preferably, the data processor generates a conversion table having conversion data selectively applied based on identification information of a content reproducing apparatus or a content reproducing application program, and the data recorder is selectively based on the identification information. Record the conversion table with the conversion data applied.

Advantageously, the data processor generates a translation table that is obfuscated using arithmetic or cryptographic processing that applies different parameters to the partial translation table data having translation data corresponding to only a portion of the content configuration data; The data recorder records the obfuscated conversion table.

Advantageously, said data processor generates content data in which said obfuscated translation table is interspersed in a stream packet of content containing said broken data, and wherein said data recorder is interspersed with said obfuscated translation table. Record the content data.

According to still another embodiment of the present invention, an information recording medium for storing data includes: conversion data including replacement data to be replaced with a part of the stored data; setting table information including setting position information of contents of the conversion data; A data conversion program including an execution command used for a substitution process for content configuration data to which the conversion table is applied is stored.

Preferably, the registration information of the conversion table is (a) the registration information relates to conversion data for converting broken data into legitimate content data, or (b) the registration information is a content reproducing apparatus or a content reproducing application. And a type identifier identifying whether the information relates to transformed data having an identification mark for embedding identification information of the program.

When the registration information of the conversion table is registration information about conversion data having an identification mark for porting identification information of the content reproduction device or content reproduction application program, the registration information of the conversion table is the content reproduction device. Alternatively, the method may further include conversion data selectively applied based on the identification information of the content reproduction application.

The conversion table may include position information of bits to be referred to in order to determine a processing mode among identification information of the content reproducing apparatus or the content reproducing application program including a plurality of bits.

The translation table may be obfuscated using arithmetic or cryptographic processing that applies different parameters to a partial translation table having translation data corresponding only to a portion of the content configuration data.

Content data in which the obfuscated conversion table is interspersed in a stream packet of content containing the broken data may also be recorded as record data.

According to still another embodiment of the present invention, a data structure including a conversion table having conversion data to be substituted for a part of content data and setting position information for the content of the conversion data, wherein the registration of the conversion table is performed. The information may include (a) whether the registration information relates to conversion data for converting the broken data into legitimate content data, or (b) the registration information identifies for porting identification information of the content reproducing apparatus or the content reproducing application program. A data structure is provided that includes a type identifier that identifies whether the data relates to translated data having a mark.

When the registration information of the conversion table relates to conversion data having an identification mark for porting identification information of the content reproduction device or content reproduction application program, the registration information of the conversion table is the content reproduction device or content. It may also include conversion data that is selectively applied based on the identification information of the reproduction application program.

The conversion table may include a data storage area for identifying a conversion target bit among identification information of the content reproducing apparatus or the content reproducing application program composed of a plurality of bits.

The conversion table may be obfuscated using arithmetic processing or encryption processing that applies different parameters to partial conversion table data having conversion data corresponding to only a part of the configuration data of the content.

According to still another embodiment of the present invention, an information processing method for reproducing contents recorded on an information recording medium includes a data conversion processing step of performing substitution processing on the content configuration data recorded on the information recording medium, The data conversion processing step includes converting the content configuration data according to a conversion table having position information of the converted data, using the converted data as replacement data.

The data conversion processing step may further include replacing broken data which is different from the legitimate content recorded on the information recording medium with converted data including the legitimate content data.

The data conversion processing step includes replacing a part of the content recorded on the information recording medium with converted data including data for analyzing a configuration bit of identification information identifying a content reproducing apparatus or a content reproducing application program. It may further include.

The data conversion processing step includes: acquiring the converted data as the replacement data by executing an arithmetic processing or an encryption process applying different parameters to a partial conversion table having conversion data corresponding to only a part of the content configuration data. It may further include.

The data conversion processing step executes an exclusive OR operation which applies different parameters to a partial conversion table having conversion data corresponding to only a part of the content configuration data, thereby converting the converted data as the replacement data. The method may further include acquiring.

In the data conversion processing step, the calculation processing for calculating the different parameters is executed as an intermittent processing in synchronization with a reproduction processing for reproducing the content or an output processing for outputting the content to the outside, and intermittently calculating. The method may further include acquiring the conversion data corresponding to the different content configuration data through arithmetic processing or encryption processing executed according to the different parameters.

The data conversion processing step may further include executing the parameter calculation process using a virtual machine.

The data conversion processing step includes: acquiring the conversion table from the information recording medium on which the content is recorded, and analyzing the conversion data as the replacement data and recording position information of the conversion data based on the conversion table. It may further include.

The data conversion processing step successively acquires a division conversion table distributed in a configuration packet of the content recorded on the information recording medium, and replaces the replacement data corresponding to only a part of the content configuration data from the division conversion table. The method may further include acquiring the converted data and recording position information of the converted data.

The information processing method further includes a decoding processing step of performing a decoding process on the content recorded on the information recording medium, wherein the data conversion processing step includes content configuration data of the content decoded in the decoding processing step. The method may further include the step of substituting the converted data.

According to still another embodiment of the present invention, a method for manufacturing an information recording medium includes content containing broken data different from legitimate content composition data, and conversion data as the legitimate content composition data to be substituted for the broken data. A data conversion step of generating a data conversion program including a conversion table having setting positional information on the content of the conversion data, and an execution command used in the substitution processing for the content configuration data to which the conversion table is applied; and the broken And a data recording step of recording the content including data, the conversion table, and the data conversion program on an information recording medium.

The data processing step includes generating a conversion table having conversion data selectively applied based on the identification information of the content reproducing apparatus or the content reproducing application program, wherein the data recording step is based on the identification information. And optionally recording the conversion table with the conversion data applied.

The data processing step includes generating a translation table that is obfuscated using arithmetic processing or encryption processing that applies different parameters to partial translation table data having translation data corresponding to only a portion of the content configuration data. The data recording may include recording the obfuscated conversion table.

The data processing step further includes generating content data in which the obfuscated conversion table is interspersed in the stream packet of content containing the broken data, wherein the data recording step comprises the obfuscated conversion. The method may further include recording the content data in which a table is interspersed.

According to still another embodiment of the present invention, a computer program that enables an information processing apparatus to reproduce content recorded on an information recording medium includes: a data conversion process for performing a substitution process on the content configuration data recorded on the information recording medium; And program code for executing the step, wherein the data conversion processing step includes: replacing the content configuration data according to a conversion table having recording position information of the conversion data, using the conversion data as replacement data. do.

The computer program of one embodiment of the present invention is a computer-readable recording medium such as a CD, a floppy disk (FD), a magneto-optical disk (MO), a network, or the like for a general-purpose computer system capable of executing various program codes. Is provided by the communication medium. By providing a computer program in a computer readable format, the computer system performs processing in accordance with the computer program.

These and other features and advantages of the present invention will become more apparent from the following detailed description of the invention and the accompanying drawings. And, in this specification, the system refers to a logical collective configuration of a plurality of devices, and is not limited to the devices of each configuration in the same housing.

According to the configuration of one embodiment of the present invention, the content including the broken data different from the authorized content member data is recorded on the information recording medium, and the legitimate content to be replaced with the broken data. Conversion data which is configuration data and a fix-up table having setting position information for the contents of the conversion data are recorded in the information recording medium. In the content reproduction processing, the content configuration data is replaced with the conversion data according to the conversion table recorded on the information recording medium. Even if a leak of the encryption key corresponding to the encrypted content recorded on the information recording medium occurs, playback of the content is not performed in the apparatus that cannot obtain the converted data, thereby preventing unauthorized use of the content.

Further, according to the configuration of one embodiment of the present invention, the converted data includes bits of identification information for identifying the content reproducing apparatus or the content reproducing application program. Even if the illegal content is leaked, by analyzing the converted data, the source of the illegal content is identified.

In addition, according to the configuration of one embodiment of the present invention, since the conversion table holding the conversion data is set to perform arithmetic processing or encryption processing with different parameters for each partial fix-up table partitioned, Even when leakage of any particular parameter occurs, only reproduction of a part of the content is allowed, and it is possible to reduce the possibility of occurrence of leakage of the entire content.

BRIEF DESCRIPTION OF THE DRAWINGS It is a figure explaining the structure of the storage data of an information recording medium, and the structure and process of a drive and an information processing apparatus.

2 is a diagram for explaining a setting example of the content management unit set for the stored content of the information recording medium.

FIG. 3 is a diagram for explaining correspondence between a content management unit and a unit key set for the stored content of the information recording medium.

4 is a diagram for explaining a directory structure set for the stored contents of the information recording medium.

It is a figure explaining the directory structure of a conversion table and a data conversion program.

6 is a diagram illustrating a first content reproduction process.

7 is a diagram illustrating a mutual authentication sequence executed between a drive and a host device.

8 is a diagram for explaining an application process of converted data executed during content reproduction.

9 is a diagram illustrating a data configuration of a data conversion table recorded on an information recording medium.

10 is a diagram illustrating second content reproduction processing.

11 is a diagram illustrating third content reproduction processing.

It is a figure explaining the data structure of the conversion table currently obfuscated in conversion table block (FUT block) unit.

It is a figure explaining the data structure of the conversion table which has not been obfuscated in conversion table block (FUT block) unit.

14 is a diagram illustrating fourth content reproduction processing.

15 is a diagram illustrating a fifth content reproduction process.

16 is a diagram illustrating a sixth content reproduction process.

It is a figure explaining the data structure of the conversion table stored in the transport stream packet containing content.

18 is a diagram illustrating a seventh content reproduction process.

It is a figure explaining the data structure of the partitioned conversion table.

It is a figure explaining the conversion table distributed to the specific packet in the configuration data of encrypted content.

21 is a diagram illustrating a recording configuration of converted data.

22 is a diagram illustrating a modification of the seventh content reproduction process.

23 is a diagram illustrating an eighth content playback process.

Fig. 24 is a diagram showing the entire data structure of the conversion table.

FIG. 25 is a diagram illustrating a data structure of one conversion table block among a plurality of conversion table blocks (FUT blocks) included in the conversion table.

Fig. 26 is a diagram showing the data structure of a conversion data entry in a conversion table block (FUT block).

27 is a diagram illustrating a modification of the eighth content playback process.

28 is a diagram illustrating a modification of the conversion table.

It is a figure explaining the hardware structure of the information processing apparatus which runs an application as a host apparatus.

EMBODIMENT OF THE INVENTION Hereinafter, with reference to drawings, the information processing method and apparatus of this invention, the information recording medium manufacturing method and apparatus, an information recording medium, and a computer program are demonstrated.

First, the outline | summary of the storage data of the information recording medium 100, the drive 120 of the information recording medium 100, and the host application 150 is demonstrated. 1 shows an information recording medium 100, a drive 120, and a host application 150. The host application 150 is a data reproduction (or recording) application program, and performs processing using hardware of an information processing apparatus such as a PC according to a predetermined data processing sequence.

An information recording medium 100, such as a Blu-ray disc, a DVD, or the like, is an information recording medium (ROM disc, etc.) that stores legitimate contents manufactured at a disc manufacturing factory under the permission of the owner of a legitimate content copyright or distribution right. Or an information recording medium (RE disk) capable of recording data. Incidentally, in the description of the following embodiments, the disc-shaped medium is described as an example of the information recording medium, but the present invention can also be applied to a configuration using various types of information recording media.

As shown in Fig. 1, the information recording medium 100 includes a key having a tree structure known as a type of the broadcast content encryption system and an encrypted content 101 on which encryption processing and partial data replacement processing have been performed. A title key composed of a media key block (MKB) 102 as an encryption key block generated according to a distribution method, and data (Encrypted CPS Unit Key) which is an encrypted form of a title key applied to content decryption processing. A conversion in which a file 103, permission information 104 including copy control information (CCI: Copy Control Information) as copy and reproduction control information of content, and converted data corresponding to replacement data of a predetermined area in the content are registered. A data conversion program including a fix-up table 105 and a processing instruction for executing data conversion processing in response to the registered conversion data ( 106). The data shown in FIG. 1 is just one example, and may differ slightly depending on the type of disk and the like. Hereinafter, the outline | summary of these various information is demonstrated.

Various contents are stored in the information recording medium 100. For example, the information recording medium 100 includes contents including audio visual (AV) streams such as high definition (HD) movie contents, which are high definition moving image data, game programs defined by a specific standard, image files, audio data, text data, and the like. Save it. These contents are AV format standard data stored according to a specific AV data format. Specifically, these contents are stored according to a Blu-ray disc ROM standard format, for example, as Blu-ray disc ROM standard data.

In addition, the information recording medium 100 can store a game program, an image file, audio data, and text data as service data. These contents can be stored as data having a data format that does not conform to a particular AV data format.

Examples of the content include music data, image data such as still images, game programs, and WEB content. These contents may be used by combining content information that can be used only in response to data from the information recording medium 100, data from the information recording medium 100, and data provided from a server via a network. Various information such as information is included. The content stored in the information recording medium 100 is assigned a different key (referred to as a CPS (Content Protection System) unit key, simply a unit key, or a title key) for each divided content, and then encrypted. A unit of content to which one unit key is assigned is referred to as a content management unit (CPS unit). The content may also be broken data in which part of the configuration data is replaced by data different from the correct content data. Such content cannot be reproduced correctly by the decoding process alone, and in the case of reproduction, a process of replacing broken data with data registered in the conversion table is required. These processes will be described later in detail.

The media key block (MKB) 102 is an encryption key block generated according to a key distribution scheme having a tree structure in one kind of broadcast encryption scheme. The MKB 102 enables the acquisition of the media key Km, which is a key necessary for decrypting the content, only through the decoding process in accordance with the device key Kd stored in the user's information processing apparatus having a valid license. MKB 102 is distributed in an information distribution manner according to a hierarchical tree structure. Only when the user device (information processing apparatus) has a valid license can the media key Km be obtained. The invalidated user device cannot obtain the media key Km.

The control center as a license entity changes the device key used for encrypting the key information stored in the MKB 102 so that decryption processing cannot be performed with the device key stored in the specific user device. That is, the control center generates the MKB 102 having a configuration in which the media key required for content decryption cannot be obtained. Thus, the control center excludes unauthorized devices at any timing and provides decryptable encrypted content only for devices having a valid license. The decoding processing of the content will be described later.

As described above, each of the contents or a set of the plurality of contents is encrypted with an individual encryption key (title key or CPS unit key) and stored in the information recording medium 100, respectively, for use management of the contents. That is, image data such as AV (Audio Visual) streams, music data, moving images and still images, game programs, and WEB contents are divided into units as management units for content use, and generate different title keys for each divided unit. To perform the decoding process. Information for generating this title key is title key data. For example, a title key is generated by decrypting an encrypted title key with a key generated by a media key or the like. In accordance with a predetermined encryption key generation sequence to which title key data is applied, a title key for each unit is generated, and then the content is decrypted.

The usage information 104 includes copy and playback control information (CCI). More specifically, the permission information 104 includes copy control information for controlling the use of the encrypted content 101 stored in the information recording medium 100 and reproduction control information for controlling the reproduction of the encrypted content 101. It includes. This copy and playback control information (CCI) can be set in various ways such as when it is set as individual information of a CPS unit set as a content management unit or when it is set collectively for a plurality of CPS units.

As described above, the encrypted content 101 stored in the information recording medium 100 is encrypted by a predetermined encryption process, and at the same time, a part of the content configuration data is composed of broken data different from the correct data. During the content reproduction operation, a data rewrite process is performed to replace this broken data with converted data that is correct content data. The table in which this converted data is registered is the conversion table 105. Broken data is scattered among the contents. During content reproduction, a process of rewriting (substituting) the plurality of broken data into the conversion data registered in the conversion table is executed. Even if the encryption key is leaked and the decryption of the content is performed illegally, the accurate content cannot be reproduced only by decrypting the content, and the use of the illegal content can be prevented.

The conversion table 105 includes, in addition to the normal conversion data, conversion data including data used for interpreting bits of identification information for identifying one of the content reproduction device and the content reproduction application program. Specifically, "conversion data including identification mark (forensic mark)" including identification information generated according to the player ID or player ID as identification data of the player (the device executing the host application program) is included. do. The converted data including the identification mark is data obtained by slightly changing the number of bits of the correct content data within a range that does not affect the reproduction of the content. Processing using these converted data will be described later in detail.

Although FIG. 1 illustrates the conversion table 105 as a separate data file, the conversion table 105 may not be a separate file but may be configured to be interspersed in the packet of the encrypted content 101. The configuration and processing of the conversion table 105 will be described later.

The data conversion program 106 is used to execute data conversion processing in accordance with the conversion data of the conversion table 105. The host apparatus that performs content reproduction executes the data conversion program 106. More specifically, the data conversion processor 154 of the host application 150 of FIG. 1 executes the data conversion program 106.

In the host application 150, a virtual machine VM for executing data conversion processing is set, and the virtual machine VM executes a data conversion program 106 read from the information recording medium 100 to convert the conversion table. The conversion data of 105 is applied. The virtual machine performs a data conversion process of the partial configuration data on the decrypted content.

Next, an outline of the configuration and processing of the host application 150 and the drive 120 will be described with reference to FIG. 1. The reproduction processing of the content stored in the information recording medium 100 is executed by transferring data to the host application 150 via the drive 120. Prior to the use of the content, mutual authentication processing is performed between the drive 120 and the host application 150, and after the drive 120 and the host application 150 authenticate each other, the drive 120 is the host application 150 Send encrypted content to the. The content decoding process is performed on the host application 150 side, the data conversion process is executed in accordance with the above-described conversion table 105, and content reproduction is performed.

In the mutual authentication process executed between the host application 150 and the drive 120, the counterpart is referred to by referring to a revocation list issued by the control center indicating whether each device or application is registered as an illegal device or application. Determine the justification for

The drive 120 has a memory 122 for storing a host Certificate Revocation List (CRL) that stores invalidation information of a certificate (public key certificate) of the host application 150. The host application 150 has a memory 152 for storing a drive certificate revocation list (CRL) that stores invalidation information of a drive's certificate (public key certificate). The memory 122, 152 is a nonvolatile memory (NVRAM). For example, when the CRL read from the information recording medium 100 is a new version, each of the data processors 121, 151 is a memory 122, respectively. In step 152, an update process for storing a new version of the host CRL or drive CRL is performed.

CRLs, such as host CRLs and drive CRLs, are continuously updated by the control center. That is, when a new illegal device is found, the control center issues an update CRL by adding the ID or device ID of a certificate issued to the illegal device as a new entry. Each CRL is given a version number, and it is a structure which can compare new and old. For example, when the CRL read from the information recording medium mounted in the drive 120 is newer than the CRL stored in the memory 122 in the drive 120, the drive 120 executes the update processing of the CRL. The host application 150 also executes the drive CRL update process.

In addition to the CRL update process, the data processor 121 of the drive 120 may also process authentication with the host application 150 at the time of use of the content, read data from the information recording medium 100, and the host application 150. Perform data transfer processing to transfer the data.

As described above, the host application 150 is a data reproduction and recording application that is executed in an information processing apparatus such as a PC, and performs processing using hardware of an information processing apparatus such as a PC according to a predetermined data processing sequence.

The host application 150 includes a data processor 151 that executes mutual authentication processing and data transmission control processing with the drive 120, a decryption processor 153 that performs decryption processing of encrypted content, and the conversion table 105 described above. A data conversion processor 154 that executes data conversion processing in accordance with the registration data of < RTI ID = 0.0 > and < / RTI >

The data processor 151 performs an authentication process between the host and the drive, and during the authentication process, the drive 120 is invalidated by referring to the drive CRL stored in the memory " a " 152 as a nonvolatile memory (NVRAM). Make sure it is not a drive. The host application 150 performs an update process of storing a new version of the drive CRL in the memory " a "

The decryption processor 153 refers to the various information stored in the memory "b" 156 and the read data from the information recording medium 100, generates a key applied to the decryption of the content, and encrypts the content 101. Decoding processing is performed. The data conversion processor 154 uses the converted data registered in the conversion table 105 obtained from the information recording medium 100 to convert the contents into the data conversion program 106 obtained from the information recording medium 100. Substitution process (rewrite process) is performed on the configuration data. The decode processor 155 performs decode (eg, MPEG decode) processing.

In the memory " b " 156 of the host application 150, the device key Kd, key information applicable to mutual authentication processing, and key information applicable to decryption processing are stored. The content decoding process will be described later in detail. The device key Kd is a key applied to the processing of the MKB 102. The MKB 102 makes it possible to obtain a key necessary for decrypting content only through a decoding process in accordance with a device key Kd stored in an information processing apparatus of a user having a valid license. The MKB 102 is distributed to a tree-structured information distribution system. During decryption of the encrypted content, the host application 150 applies the device key Kd stored in the memory b 156 to execute MKB processing. The content decoding process will be described later in detail.

As described above, in order to realize different usage control for each unit, the contents stored in the information recording medium are stored with different keys assigned to each unit and subjected to encryption processing. More specifically, the content is divided into content management units (CPS units), and individual encryption processing is performed to perform individual use management.

During the use of the content, it is necessary to acquire the CPS unit key (title key) assigned to each unit, and perform reproduction by performing data processing according to a predetermined decoding processing sequence by applying other necessary keys and key generation information. . Hereinafter, the setting mode of the content management unit (CPS unit) will be described with reference to FIG. 2.

As shown in FIG. 2, the content has a hierarchical structure composed of an index 210, a movie object 220, a play list 230, and a clip 240. If an index such as a title to be accessed by the playback application program is specified, a playback program associated with the title is specified. According to the program information of the designated playback program, a play list that defines the playback order of the content is selected.

The play list includes play items as reproduction data information. According to the clip information as the reproduction section defined by the play item included in the play list, the AV stream and the command as the content data are selectively read, and the AV stream is reproduced and the command is executed. There are a number of play lists and play items, each of which is tagged a Play List ID and a Play Item ID.

2 shows two CPS units. These CPS units constitute a part of the content stored in the information recording medium 100. Each of the CPS units 271 and 272 is composed of a clip including a title as an index, a movie object as a playback program file, a play list, and an AV stream file as content data.

The content management unit (CPS unit) 271 includes a title 1 211 and a title 2 212, playback programs 221 to 223, playlists 231 and 232, and clips 241 and 242. . The AV stream data files 261 and 262 which are actual data of the contents included in these two clips 241 and 242 are at least encrypted data. This data is data encrypted using a title key Kt1 (referred to as a CPS unit key) as an encryption key set in correspondence with the CPS unit 271.

The content management unit (CPS unit) 272 includes an application 1 213 as a index, a playback program 224, a play list 233, and a clip 243. The AV stream data file 263, which is the actual data of the content included in the clip 243, is encrypted using the title key Kt2 as the encryption key set corresponding to the content management unit (CPS unit) 272.

For example, in order for a user to execute an application file or content reproduction process corresponding to the content management unit 271, the user acquires the title key Kt1 as the encryption key set in correspondence with the content management unit 271 and executes the decoding process. It is necessary. In order to execute the application file or the content reproduction process corresponding to the content management unit 272, the user needs to acquire the title key Kt2 as the encryption key set corresponding to the content management unit 272 and execute the decoding process. Do.

The configuration of the CPS (Contents Protection System) unit and the title key corresponding thereto are shown in FIG. As shown in FIG. 3, the CPS setting unit as the usage management unit of the encrypted content stored in the information recording medium 100 corresponds to the title key applied to the corresponding CPS unit. In addition, it is also possible to store and set the CPS unit and title key for later data in advance. For example, the data portion 281 is an entry for late data.

The CPS setting unit may be various elements such as a title of a content, an application, and a data group. In the CPS unit management table, the CPS unit ID as an identifier corresponding to each CPS unit is listed.

As shown in Fig. 3, title 1 is CPS unit 1, and a title key Kt1 is generated to decrypt the encrypted content belonging to CPS unit 1. Therefore, the decoding process is executed in accordance with the generated title key Kt1.

In this manner, the contents stored in the information recording medium 100 are stored with different keys assigned to each unit and an encryption process performed in order to realize different control processing for each unit. In order to manage individual usage of CPS units, usage rules (UR) for each CPS unit are set. The usage permission information includes copy and reproduction control information (CCI) such as copy control information and reproduction control information of the encrypted content included in each CPS unit, as described above.

Generation of the title key requires data processing to which various pieces of information stored in the information recording medium 100 are applied. Specific examples of these treatments will be described later in detail.

Next, with reference to FIG. 4, the structure of the directory corresponding to the content which has a hierarchical structure shown in FIG. 2 is demonstrated.

The index 210 of FIG. 2 corresponds to the "index.bdmv" file in the directory shown in FIG.

The movie object 220 of FIG. 2 corresponds to the "MovieObject.bdmv" file in the directory of FIG.

The playlist 230 of FIG. 2 corresponds to files under the "PLAYLIST" directory in the directory of FIG.

The clip 240 of FIG. 2 corresponds to a file having the same file number in a file under the "CLIPINF" directory and a file under the "STREAM" directory in the directory in FIG.

As described above, the content stored in the information recording medium 100 is set as broken data in which part of the configuration data of the content is replaced by data different from the correct content data. Decoding process alone cannot reproduce accurate content. In order to reproduce the correct content, a process of replacing broken data with data registered in the conversion table is required. In this substitution process, the data conversion program 106 stored in the information recording medium 100 is applied, and the data conversion process by the registration data of the conversion table 105 is performed.

As described above, the conversion table 105 and the data conversion program 106 are recorded in the information recording medium 100. FIG. 5 shows a conversion table corresponding to the content having the directory structure of FIG. 4 and a directory structure of the data conversion program. As shown in FIG. 5, a data conversion program 106 is generated for AV contents having the directory structure of FIG.

"ContentCode.svm" in FIG. 5 corresponds to the data conversion program 106.

"FixUpXXXXX.tbl" in FIG. 5 corresponds to a conversion table in which one clip is defined. "XXXXX" in "FixUpXXXXX.tbl" in FIG. 5 corresponds to the file number of the corresponding clip information file.

The mutual authentication process is executed between the drive 120 and the host application 150. On the premise that mutual authentication has been completed successfully, a plurality of reproductions in the case where contents stored in the information recording medium 100 attached to the drive 120 are transferred from the drive to the host application 150 to execute the content reproduction processing The processing will be described.

The first content reproduction process will be described with reference to FIG. In Fig. 6, from the left side, an information recording medium 310 for storing encrypted contents, a drive 330 for mounting the information recording medium 310 to read data, and connected to the drive so as to be capable of data communication are recorded. The host application 350 that acquires the content stored in the medium 310 through the drive 330 and executes the first playback process is shown. The host application 350 is executed by an information processing apparatus such as a PC, for example.

The information recording medium 310 stores an MKB (Media Key Block) 311, a title key file 312, an encrypted content 313, a conversion table 314, and a data conversion program 315. The host application 350 holds the device key 351 applied to the processing of the MKB 311.

A first playback processing sequence will be described with reference to FIG. In the first reproduction processing sequence, the application 350 acquires the stored content from the information recording medium 310 via the drive 330. First, prior to reading the stored contents of the information recording medium 310, the host application 350 and the drive 330 execute mutual authentication processing in step S101. In this mutual authentication process, the host application 350 determines whether the drive 330 is a legitimate drive, and the drive 330 determines whether the host application 350 is a legitimate application. Various processes can be applied to this mutual authentication process sequence. An example thereof will be described with reference to FIG. 7.

The mutual authentication process of FIG. 7 follows a public key encryption method. First, in step S121, the drive 330 transmits the drive public key certificate and randomly generated random number stored in its memory (NVRAM) to the host application 350. In step S122, the host application 350 transmits the host public key certificate stored in its memory (NVRAM) and a randomly generated random number to the drive 330.

In step S123, the drive 330 verifies the validity of the host public key certificate received from the host application and the invalidation status of the host application 350 according to the host certificate revocation list (Host CRL: Certificate Revocation list). In step S123, the drive 330 first verifies the signature set in the host public key certificate. "ECDSA_V" in FIG. 7 shows execution of signature verification in accordance with an elliptic curve cryptosystem. This signature verification is performed using the public key corresponding to the private key of the key management entity. The drive 330 holds in the memory the public key of the key management entity for signature verification, and performs signature verification using this public key. Through signature verification, the drive 330 verifies that the host public key certificate is not tampered with. If the signature verification indicates that the host public key certificate has been tampered with, the processing stops.

Further, after it is determined that the host public key certificate has not been tampered with, the drive 330 confirms with reference to the host CRL that the certificate is not invalidated. The host CRL lists IDs of invalidated certificates with respect to the public key certificate issued to the host. The host CRL is obtained from a memory or information recording medium 310 in the drive 330.

The drive 330 acquires an ID from the host public key certificate determined to be free of tampering, and determines whether this ID matches the ID registered in the host CRL. If an ID that matches the ID of the host public key certificate exists in the host CRL, the drive 330 determines that the host application is an invalidated application and stops subsequent processing. If the ID obtained from the host public key certificate is not registered in the host CRL, the drive 330 determines that the host application 350 is not an invalidated application and continues processing.

In step S124, the host application 350 verifies (modifies and verifies) the drive public key certificate according to the drive public key certificate received from the drive 330, and determines whether the drive 330 is invalidated based on the drive CRL. Determine whether or not. Processing is continued only when the public key certificate of the drive is valid and it is confirmed that the drive 330 is not invalidated. The drive CRL is obtained from a memory or an information recording medium 310 in the host application 350.

The drive 330 and the host application 350 notify the authentication result as a drive response (in step S125) and a host response (in step S126), respectively. In order to notify this authentication result, the drive 330 and the host application 350 generate an Elliptic Curve Diffie-Hellman (ECDH) value as an elliptic curve cryptosystem value, and notify the other party of the generated value.

Upon receiving the drive authentication result and the ECDH value from the host application 350, the drive 330 verifies the host response in step S127 to confirm that the drive authentication has been completed successfully. The drive 330 generates a session key as a common key by applying the received ECDH value. When the host application 350 receives the host authentication result and the ECDH value from the drive 330, the host application 350 verifies the drive response in step S128 to confirm that host authentication is completed successfully. The host application 350 generates a session key as a common key according to the value of the ECDH.

By this mutual authentication process, the drive 330 and the host application 350 share a session key as a common key.

Returning to Fig. 6, the description of the sequence of the content usage processing will continue. In step S101, mutual authentication between the drive 330 and the host application 350 is executed, and the session key Ks is shared. In step S102, the host application 350 acquires the MKB 311 recorded on the information recording medium 310 through the drive 330, and processes the MKB 311 to which the device key 351 stored in the memory is applied. Run The host application 350 obtains the media key Km from the MKB 311.

As described above, the MKB 311 is generated according to a key distribution method of a tree structure known as a broadcast encryption method. The MKB 311 enables the acquisition of the media key Km necessary for decrypting the content only through the decoding process in accordance with the device key Kd stored in the user's information processing apparatus having a valid license.

Next, in step S103, the title key file read out from the information recording medium 310 is decoded using the media key Km acquired by the MKB process in step S102, and a title key Kt is obtained. The title key file stored in the information recording medium 310 is a file containing data encrypted by the media key Km. The title key Kt applied to content decoding can be obtained by the process of applying the media key Km. In the decryption process of step S103, for example, an Advanced Encryption Standard (AES) encryption algorithm is applied.

Next, the host application 350 reads the encrypted content 313 from the information recording medium 310 through the drive 330, and stores the read content in the track buffer 352. In step S104, the host application 350 executes a decoding process to which the title key Kt is applied to the content stored in the track buffer 352, and acquires the decrypted content.

The decoded content is stored in a plain TS buffer 353. The plain text TS means a plain text transport stream. Here, the decoded content stored in the plain text TS buffer 353 is the content containing the above-mentioned broken data, and cannot be reproduced by itself, and it is necessary to perform a predetermined data conversion process (replacement of data by rewriting). .

This data conversion process is shown by block 371 in FIG. Block 371 of FIG. 6 corresponds to the processing of the data conversion processor 154 of the host application 150 shown in FIG. An outline of this data conversion process will be described with reference to FIG. 8.

The encrypted content 313 shown in FIG. 6 is encrypted content stored in the information recording medium 310, which is stored in the track buffer 352 of the host application 350. As shown in FIG. The encrypted content corresponds to the track buffer stored data 401 shown in FIG.

By the decryption processing in the host application 350, the encrypted content as the track buffer storage data 401 is decoded, and the decoded data is stored in the plain text TS buffer 353. This decoded data corresponds to the decoded data 402 shown in FIG.

The decryption result data 402 includes broken data 403 which is different from the normal content composition data. In the data conversion processing of the host application 350, the broken data 403 is converted data 404 as accurate content configuration data obtained from the conversion table 314 recorded on the information recording medium 310 shown in FIG. The substituting process is executed. This substitution process is executed as a rewrite process of some data with respect to the data written in the plain text TS buffer 353.

In addition, in the data conversion processing executed by the host application 350, not only processing for replacing broken data with conversion data as normal content data but also conversion data including an identification mark (forensic mark) as shown in FIG. 405 executes a process of replacing part of the configuration data of the decoded data 402.

Using the identification mark, the configuration bits of the identification information for identifying the content reproducing apparatus or the content reproducing application can be analyzed. More specifically, the identification mark is, for example, an identification mark generated according to the configuration data of the identification information (player ID or the like) of the information processing apparatus as the player executing the host application 350 or the player ID. The converted data including the identification mark is data obtained by slightly changing the bit value of the correct content data within a range that does not affect the reproduction of the content.

A plurality of converted data 405 including the identification mark is set in the content, and the player ID is determined by, for example, collecting and analyzing the converted data 405 including the plurality of identification marks. The conversion data 405 including the identification mark is data in which the configuration bits of the correct content data are changed within the range in which the contents are normally reproduced, and the data enabling the identification of the identification mark configuration bits by MPEG bit stream analysis. to be.

In the conversion table stored in the information recording medium 30, the conversion data 404 of FIG. 8 and the conversion data 405 including an identification mark are registered. By performing the data conversion process according to this conversion table storage information, the data stored in the plain text TS buffer 353 becomes the conversion data 406 shown in FIG.

Returning to FIG. 6, the processing in the dotted line block "371", that is, the data conversion processing in the host application 350 will be described. The data conversion process is executed by the secure VM 356 set, for example, as a virtual machine (VM) in the host application 350. The secure VM 356 is a virtual computer that directly interprets and executes an intermediate language, and interprets and executes command code information in an intermediate language that does not depend on the platform.

The secure VM 356 reads the data conversion program 315 containing the command code information from the information recording medium 310. The secure VM 356 is controlled by the event handler 354 and receives player information 355 such as ID information of a player executing a host application. The secure VM 356 executes the data conversion program 315 acquired from the information recording medium 310. An emulator check is performed to determine whether the secure VM 356 is performing data conversion processing correctly. The processing of the player (information processing apparatus) as a host application or host application execution apparatus is monitored. When one of the processing error and the illegal processing is detected, the data conversion processing by the secure VM 356 is stopped.

The secure VM 356 executes the conversion process of the data stored in the plain text TS buffer 353 as shown in the data conversion process in step S105 of FIG. 6 using the conversion table read from the information recording medium 310. do. For the decoded data 402 shown in Fig. 8, the broken data 403 is replaced with the conversion data 404 which is legitimate content configuration data, and the conversion data 405 including the identification mark is replaced with some data of the content. do. The stored data of the plain text TS buffer 353 is updated with the converted data.

Thereafter, the converted TS (transport stream) is externally output through the network and reproduced by an external reproducing apparatus. By the demultiplexing process in step S106, the transport stream TS is demultiplexed into an elementary stream (ES). After the decode process is performed in step S107, the elementary stream is output to the display and the speaker and reproduced.

The data structure of the data conversion table recorded on the information recording medium 310 will be described with reference to FIG. The data conversion table recorded on the information recording medium 310 has, for example, the configuration shown in FIG.

The data conversion table contains:

Number of Fix-Up Entry: Number of Conversion Data Entries

Fix-up Entry Length: Byte Length of one Fix-Up Entry () = (N + 6)

Source Packet Number (SPN): Absolute Transformed Packet Number from the beginning of AV Stream File

Byte Offset: Start byte position of transformed data in the packet

player_id_bit_position: Bit position of the player ID for the forensic mark

Fix-Up Data: The value to be rewritten (N bytes are formed in one TS packet).

Many broken data are scattered in one content, and the converted data recorded in the conversion table is rewritten at the position of this broken data. A plurality of recording positions for writing converted data having an identification mark such as a player ID are set in one piece of content data. The conversion table includes " conversion data including (a) conversion data and (b) identification marks as actual rewrite data, and a table as information specifying a writing position of these data.

Although the frequency of occurrence of data substitution of the conversion data per unit area (including the conversion data having an identification mark) and the size of the conversion data can be variously set, the size of the conversion data depends on the frequency of occurrence of the data substitution. do. For example, in a configuration in which two converted data including two converted data or identification marks are set for one GOP (Group Of Pictures) which is the basis of MPEG content, the converted data (the converted data having the identification mark is also Is 8 bytes, the conversion table is about 400 KB in size, and when 16 bytes, the conversion table is about 600 KB in size.

For example, in a configuration for setting converted data including five converted data or identification marks for one GOP (Group Of Pictures) which is the basis of MPEG content, the converted data (including converted data having identification marks) is eight. In the case of bytes, the conversion table is about 1 MB in size, and in case of 16 bytes, the conversion table is about 1.5 MB in size.

The secure VM 356 of the host application 350 writes the conversion data including the conversion data and the identification mark at the position designated by the conversion table 314 recorded on the information recording medium 310. In this process, the conversion data or the conversion data including the identification mark is rewritten into data stored in the plain text TS buffer 353. As a result of this processing, the data in the plain text TS buffer 353 is replaced with the data in Fig. 8 (3).

The output process or the reproduction process of the content from the player (information processing apparatus or the like) that implements the host application is executed based on the conversion data shown in FIG. 8 (3).

The converted data is correct content configuration data, and the converted data including the identification mark is data applied to reproduction of the correct content data. Therefore, the correct content is reproduced through the decoding process according to these data. In the case where this content is copied in an illegal manner and a large number of illegal copy data leaks, it is possible to obtain a player ID by analyzing the conversion data including the identification mark, so that the outflow source of the illegal content data is identified. .

The second content reproduction processing will be described with reference to FIG. Fig. 10 shows, from the left side, an information recording medium 310 storing encrypted contents, a drive 330 mounted with an information recording medium 310 to read data, and a data communication connection with the drive. The host application 350 which acquires the content stored in the recording medium 310 via the drive 330 and performs a 2nd reproduction process is shown. The host application 350 is executed by an information processing apparatus such as a PC, for example.

10 does not show the MKB and title key files recorded on the information recording medium 310. The host application 350 calculates the MKB recorded in the information recording medium 310 and calculates the title key Kt by applying the same processing as described with reference to FIG. 6 using the title key file. These processes are also omitted in FIG. The information recording medium 310 further stores the encrypted content 313, the conversion table 314, and the data conversion program 315.

In the second content reproduction processing in Fig. 10, the processing of block " 381 " represented by the dotted line box is executed in real time, and the processing of block " 382 " is executed as a batch processing before the content reproduction operation or the content output operation. Specifically, the secure VM 356 reads the data conversion program 315 including the command information from the information recording medium 310 before the content reproduction operation or the content output operation, and under the control of the event handler 354, In response to the input of the player information 355, a decoding process or the like is executed in accordance with the conversion table 314 read from the information recording medium 310.

The conversion table 314 recorded on the information recording medium 310 is subjected to obfuscation processing by, for example, an operation such as an AES encryption or an exclusive OR (XOR) operation. The secure VM 356 performs decoding processing or predetermined arithmetic processing in accordance with the data conversion program 315 to output a conversion table as plain text data. The processing up to this point is executed as a batch processing before the content reproduction operation or the content output operation.

Subsequent processing is executed in real time in parallel with the content reproduction operation or the content output operation. Specifically, the content decoding process is performed in step S201, and the data conversion process is performed in step S202. In other words, the conversion data including the conversion data and the identification mark registered in the conversion table 314 recorded on the information recording medium 310 is written in the position specified in the conversion table 314. External output processing of the converted TS (transport stream) is executed. In step S203, a demultiplexer process, that is, a demultiplexing process of demultiplexing the transport stream TS into the elementary stream ES is performed. In step S204, decoding processing is performed. These processes are executed in real time in parallel with the content reproduction operation or the content output operation.

This processing sequence is realized in real time without affecting the content reproduction operation or the content output operation, even when the processing of the conversion table 314 by the secure VM 356 takes time.

The third content reproduction processing will be described with reference to FIG. As in FIG. 10, FIG. 11 shows, from the left side, an information recording medium 310, a drive 330, and a host application 350 that store encrypted content. As shown in FIG. 11, similarly to FIG. 10, the process of applying the MKB (Media Key Block), the title key file, and the MKB and the title key file is the same as in the first content reproduction process described with reference to FIG. Is omitted in the present specification.

In the third content reproduction processing of FIG. 11, the processing of block "381" indicated by a dotted line box is executed in real time, and the processing of block "383" is low frequency before and during the content reproduction operation or the content output operation processing. It is executed intermittently as a process. The secure VM 356 reads the data conversion program 315 including the command code information, and intermittently, under the control of the event handler 354, before the content playback operation or the content output operation processing and during the processing execution. In accordance with the input of the information 355, decoding processing of the conversion table 314 read from the information recording medium 310 is executed.

The conversion table 314 recorded on the information recording medium 310 is obfuscated by an operation such as AES encryption or an exclusive OR operation in units of conversion table blocks (FUT blocks) of the conversion table 314. The secure VM 356 performs decoding processing or predetermined arithmetic processing in units of conversion table blocks (FUT blocks) in accordance with the data conversion program 315, and outputs conversion tables in block units as plain text data. The processing is executed intermittently before and during the content reproduction operation or the content output operation processing.

The data structure of the conversion table obfuscated in units of conversion table blocks (FUT blocks) will be described with reference to FIGS. 12 and 13. The data conversion table recorded on the information recording medium 310 has a data structure shown in FIG. 12, for example. The data FUT includes:

Number of FUT blocks: Number of conversion table blocks

Length of FUT block: Number of bytes in one conversion table block

Number of Fix-Up Entry in FUT block: Number of Fix-Up Entry in one FUT block

Length of one Fix-Up Entry: Number of bytes in one conversion data entry

First SPN for FUT block: Packet number as the data recording position of the first entry of each conversion table block.

FUT block: A conversion table block (FUT block) as a partial conversion table that is obfuscated by being individually encrypted or computed.

13 shows a data structure of a conversion table block (FUT block) as a partial conversion table. The table block contains the following data:

SPN: Absolute Transformed Packet Number from the beginning of AV Stream File

Byte Offset: Start byte position of transformed data in the packet

FM_flag: A flag that sets whether or not to perform conversion processing on conversion data having an identification mark, flag 0 performs conversion in all players, and flag 1 converts only when the bit value of the corresponding bit position of the player ID is 1 Will be set to execute.

player_id_bit_position: indicating bit position of Player ID for forensic mark, and forensic mark (such as player ID), and

Fix-Up Data: overwritting value (N bytes are transformed in one TS Packet)

The FUT of FIG. 13 is set as individually encrypted or computed data. The secure VM 356 in FIG. 11 reads the data conversion program 315 including the command code information from the information recording medium 310, and before and during the content reproduction operation or the content output operation processing, the event handler ( Under the control of 354, in response to the input of the player information 355, according to the conversion table 314 read out from the information recording medium 310, decoding processing or arithmetic processing is intermittently executed in units of FUT blocks. Secure VM 356 obtains a partial conversion table (FUT) as plain text data. These processes are intermittently executed before and during the content reproduction operation or content output operation processing.

Subsequent processing is executed in real time in parallel with the content reproduction operation or the content output operation processing. More specifically, the content decoding process is executed in step S201, and the data conversion process is executed in step S202. In other words, the conversion data registered in the conversion table 314 recorded in the information recording medium 310 and the conversion data including the identification mark are written in accordance with the position specified in the conversion table 314. External output processing of the converted TS (transport stream) is performed. In step S203, a demultiplexing process, that is, a process of demultiplexing the transport stream TS into the elementary stream ES, is performed, and in step S204, a decode process is performed. These processes are executed in real time in parallel with the content reproduction operation or the content output operation processing.

Even when the processing of the conversion table 314 by the secure VM 356 takes time, such a processing sequence is performed by the content reproduction operation or the content output operation as described above with reference to the second content reproduction process of FIG. Runs in real time without affecting The secure VM 356 generates the conversion data corresponding to a part of the content part data in order without generating the conversion data necessary for the content reproduction operation and the content output operation at the same time. When an illegal process is detected in the content reproduction process, the secure VM 356 stops the process in response to the illegal process detection information of the event handler 354. The generation of the converted data is stopped, and it becomes possible to end the illegal content reproduction operation or the output operation in the middle.

Next, a fourth example of content reproduction processing will be described with reference to FIG. As in Figs. 10 and 11, Fig. 14 shows an information recording medium 310, a drive 330, and a host application 350 that store encrypted content from the left side. The media key block (MKB), the title key file, and the processing to which they are applied are the same as in the first content reproduction processing described with reference to FIG. The information recording medium 310 stores the encrypted content 313, the conversion table 314, and the data conversion program 315.

In the fourth content reproduction processing of Fig. 14, the processing of the block "381" indicated by the dotted lines is executed in real time, and the processing of the block "382" indicated by the dotted lines is executed as a batch processing before the content reproduction operation or the content output operation processing. do. The secure VM 356 reads the data conversion program 315 including the command information from the information recording medium 310, and, under the control of the event handler 354, responds to the input of the player information 355. The decoding process of the conversion table 314 read out from the recording medium 310 is executed.

The secure VM 356 performs decoding processing or predetermined arithmetic processing in accordance with the data conversion program 315 to obtain a conversion table as plain text data. As a result of this processing, the acquired plain text conversion table is stored in the table storage unit 362.

The data conversion processing in step S202 is executed in real time under the control of the real time event handler 361 in parallel with the content reproduction operation or the content output operation. Under the control of the real-time event handler 361, the conversion data registered as the plain text data in the table storage unit 362, that is, the conversion data including the conversion data and the identification mark, is written at the position designated in the conversion table FUT.

The processing sequence of the fourth content reproduction processing is the same as the processing sequence of the second content reproduction processing of FIG. Specifically, the content decoding process is executed in step S201, the data conversion process is executed in step S202, the demultiplexing process is executed in step S203, and the decode process is executed in step S204. These processes are executed in real time in parallel with the content playback operation or the content output operation.

Similar to the second content reproduction processing described with reference to FIG. 10, this processing sequence affects the content reproduction operation and the content output operation even when the processing of the conversion table 314 by the secure VM 356 takes time. It is realized in real time without giving.

A fifth content reproduction processing example will be described with reference to FIG. 15. 15 shows an information recording medium 310, a drive 330, and a host application 350 in which encrypted contents are stored, from the left side. The media key block (MKB), the title key file, and the processing to which they are applied are the same as those in the first content reproduction processing in FIG.

In the fifth content reproduction processing of FIG. 15, the processing of the block "381" indicated by the dotted lines is executed in real time, and the processing of the block "383" indicated by the dotted lines is lower than before and during the content reproduction operation or the content output operation processing. It is run intermittently with frequency. The secure VM 356 reads the data conversion program 315 including the command information from the information recording medium 310 and records the information in response to the input of the player information 355 under the control of the event handler 354. The decoding process of the conversion table 314 read out from the medium 310 is executed partially and intermittently.

The conversion table 314 is temporarily stored in the pre-load table storage unit 364 in the host application 350. The secure VM 356 acquires the table data stored in the pre-load table storage unit 364 and performs decoding processing or predetermined arithmetic processing in accordance with the data conversion program 315 to partially convert the conversion table as plain text data. And in order.

The secure VM 356 decodes only a part of the configuration data of the conversion table including the conversion data applied to a part of the content data, and intermittently generates the plain text conversion table as part of the data. The plain text partial conversion table obtained as a result of this processing is stored in the partial table storage unit 363.

The data conversion process in step S202 is executed under the control of the real time event handler 361 in parallel with the content reproduction operation or the content output operation. Under the control of the real-time event handler 361, the conversion data registered as the plain text data in the partial table storage unit 363, that is, the conversion data including the conversion data and the identification mark, is written at the position specified in the conversion table. The data conversion process is executed in real time in parallel with the content reproduction operation or the content output operation.

The processing sequence of the fifth content reproduction processing is the same as the processing sequence described with reference to FIG. Specifically, the content decoding process is executed in step S201, the data conversion process is executed in step S202, the demultiplexing process is executed in step S203, and the decode process is executed in step S204. These processes are executed in real time in parallel with the content reproduction operation or the content output operation.

Similar to the third content reproduction processing described with reference to FIG. 11, this processing sequence is the processing of the content reproduction operation or the content output operation even when the processing of the conversion table 314 by the secure VM 356 takes time. Runs in real time without affecting The secure VM 356 generates converted data corresponding to a part of the content portion data in order without simultaneously generating the conversion data required for the content reproduction operation or the content output operation. When an illegal process is detected in the content reproduction process, the secure VM 356 stops the process in response to the illegal process detection information from the event handler 354. The generation of the conversion data is stopped, and the content reproduction operation and the content output operation of illegal content are terminated in the middle.

The sixth content reproduction process will be described with reference to FIG. 16 shows an information recording medium 310, a drive 330, and a host application 350 in which encrypted contents are stored, from the left side. The media key block (MKB), the title key file, and the processing to which they are applied are the same as in the first content reproduction processing in FIG. As shown in FIG. 16, the information recording medium 310 stores an encrypted content 318 including a conversion table, and a data conversion program 315. The processing of the block "381" indicated by the dotted lines is executed in real time, and the processing of the block "383" indicated by the dotted lines is executed as an intermittent process.

The translation table (FUT) is distributed within a particular packet in the configuration data of the encrypted content. As shown in Fig. 17, for example, a translation table is stored in a transport stream packet containing content. The upper part of Fig. 17 shows the structure of the content data. As shown, the content data consists of TS (transport stream) packets. The TS is composed of TS packets of a predetermined byte number. Conversion tables are divided and recorded in a plurality of packets of some of these TS packets. As shown in the figure, they are recorded in TS packets 391, 392,... As the TS packet for storing the conversion table, a TS packet including a PMT (program map table) that is distributed and set in the content may be used.

The data of the partitioned conversion table has the same configuration as the conversion table block (FUT block) described with reference to FIG. 13. In the conversion table, the conversion data (or conversion data including an identification mark) to be replaced with respect to the decoded content and the recording position of the conversion data are recorded.

As shown in the lower part of FIG. 17, the recording position of the conversion data recorded in the conversion table is set in the vicinity of the TS packet including the conversion table. For example, packets 394 and 395 each having a recording area of the conversion data are set in the vicinity of the packet 391 including the conversion table. With this setting, when the content is decoded and reproduced in real time, it is possible to perform data replacement processing by the converted data as continuous processing after the decoding processing, and to detect and analyze the TS packet in which the conversion table is recorded. The conversion data is acquired by the processing, and the rewriting process of rewriting the conversion data with respect to the position recorded in the table can be efficiently executed.

In the sixth content reproduction process of Fig. 16, the processing of the block "381 " represented by the dotted lines is executed in real time, and the processing of the block " 383 " Is executed.

The secure VM 356 reads the data conversion program 315 including the command code information from the information recording medium 310. The secure VM 356 generates the parameters P1, P2, P3, ... required for converting the conversion table recorded with the contents on the information recording medium 310 into the plain text conversion table, and the resulting plain text conversion table. Outputs The secure VM 356 performs this process intermittently in response to the input of the player information 355 under the control of the event handler 354 before and during the content reproduction operation or the content output operation process.

The parameters P1, P2, P3, ... are arithmetic processing parameters or encryption processing parameters respectively applied to the conversion table 1, the conversion table 2, the conversion table 3, and the like, which are divided by predetermined content data units and distributed and recorded in the content. to be. The conversion table 1, the conversion table 2, the conversion table 3, and the like are subjected to arithmetic processing or encryption processing to which different parameters P1, P2, P3, ... are applied.

Specifically, the parameters P1, P2, P3,... Are exclusive logical OR (XOR) arithmetic parameters applied to the partitioned conversion table 1, the conversion table 2, and the conversion table 3, respectively. The secure VM 356 intermittently generates and outputs the parameters P1, P2, P3, ... required for converting the conversion table 314 into the plain text conversion table in accordance with the data conversion program 315.

In real-time processing block 381, the decryption of the encrypted content 318 including the conversion table is executed in step S301, and the conversion table is demultiplexed by the demultiplexing process in step S302. In step S303, table restoration and data conversion processing are executed under the control of the real-time event handler 361. Under the control of the real-time event handler 361, the parameters P1, P2, P3, ... that are intermittently output from the secure VM 356 are applied to decode or perform a conversion table to obtain a plain text conversion table. . The conversion data registered in the obtained partial conversion table, that is, the conversion data including the conversion data and the identification mark, is written to the position specified in the conversion table in real time in parallel with the content reproduction operation or the content output operation.

If the parameters P1, P2, P3, ... are exclusive OR operations (XOR) calculation parameters of the transform data corresponding to the content part data unit, then in step S303, the following is performed:

[Conversion Table 1] (XOR) [P1],

[Conversion table 2] (XOR) [P2],

[Conversion table 3] (XOR) [P3],

...

By executing these exclusive OR operations, the plain text conversion table is obtained. In the above formula, [A] (XOR) [B] means an exclusive OR operation of A and B.

The conversion table included in the encrypted content 318 recorded on the information recording medium 310 is divided into conversion data corresponding to a part of the content and a conversion table having conversion data position information. The conversion table exclusively ORed with the unique parameters P1, P2, P3, ... is stored. This parameter is restored and output in order by the secure VM 356.

Subsequent processing after the table restoration and data conversion processing in step S303 is the same as the processing described with reference to FIG. 11. This subsequent processing is executed in real time in parallel with the content reproduction operation or the content output operation. Specifically, the demultiplexing process in step S304 and the decode process in step S305 are executed in real time in parallel with the content reproduction operation or the content output operation.

In the sixth content reproduction process, the configuration data of the conversion table corresponding to the entire content is divided, and the divided conversion is associated with different parameters. The secure VM 356 intermittently outputs the parameter. Even if parameters are leaked, it is difficult to restore the entire contents. Therefore, more robust content usage management is realized. This processing sequence is realized in real time without affecting content reproduction and output as in the processing described with reference to FIG. When an illegal process is detected in the content reproduction process, the secure VM 356 stops the process in response to the illegal process detection information from the event handler 354. The generation of the converted data is stopped, and it is possible to terminate the reproduction processing and the output processing of the illegal content in the middle.

A seventh content reproduction process will be described with reference to FIG. 18 shows an information recording medium 310, a drive 330, and a host application 350 in which encrypted contents are stored, from the left side. The MKB (Media Key Block), the title key file, and the processing to which they are applied are the same as the first content reproduction processing described with reference to FIG. As shown in FIG. 18, similarly to the sixth content reproduction processing described above with reference to FIG. 16, the information recording medium 310 stores the encrypted content 318 including the conversion table and the data conversion program 315. It is. The processing of the block "381" indicated by the dotted lines is executed in real time, and the processing of the block "383" indicated by the dotted lines is executed as an intermittent process.

Similar to the sixth content reproduction process described with reference to FIG. 16, the conversion table is distributed to specific packets in the configuration data of the encrypted content. For example, as shown in the configuration of FIG. 17, the translation table is stored in a transport stream packet containing the content. Hereinafter, the configuration of the divided conversion table will be described with reference to FIG. 19.

19 lists the data structure of the partitioned conversion table. The partitioned conversion table has a data entity of the conversion data (including the conversion data having the identification mark) corresponding to a specific portion of the conversion table, and recording position information of the conversion data. The data of the conversion table shown in FIG. 19 includes the following data:

SP_No: identifier (ID) of the secret parameter (SP) to be used in the XOR operation of the conversion table

type_indicator: type identifier, 00b; No conversion treatment, 01b; Conversion processing is performed, 10b and 11b; Conversion processing by conversion data containing forensic marks

FM_ID_bit_position: Identification bit position of player ID corresponding to conversion data with identification mark

relative_SPN: Packet location of the transformed data (number of packets from the programmable map table (PMT))

byte_position: The position of the translation data recording in the packet

overwrite_value: conversion data (including conversion data with identification marks)

relative_SPN_2: Second packet position of transformed data (number of packets from PMT)

byte_position_2: the recording position of the second translation data in the packet

overwrite_value_2: second conversion data (also includes conversion data with identification marks)

As described above in the second content reproduction processing, the conversion table shown in FIG. 19 is distributed to specific packets in the configuration data of the encrypted content as shown in the upper portion of FIG. For example, as shown in the upper portion of FIG. 20, the translation table is stored in a transport stream packet containing the content. The upper part of FIG. 20 shows the structure of the content data which consists of a transport stream (TS) packet. The transport stream contains a predetermined number of TS packets. The conversion table is divided into a plurality of packets of some of these TS packets and recorded. As shown, the conversion table is recorded in TS packets 501, 502,... As the TS packet for storing the conversion table, a TS packet including a PMT (programmable map table) that is distributed and set in the content may be used.

As described with reference to Fig. 19, the divided conversion table data includes conversion data (or conversion data having an identification mark) to be replaced with the decoded content, and a recording position of the conversion data.

The conversion table in FIG. 19 is set as a conversion table in which conversion data to be replaced with respect to a part of the content data and setting position information for the content of the conversion data are recorded. By applying this conversion table, a data conversion program including a substitution processing instruction for the content configuration data is executed to perform data conversion.

The information [type_indicator] included in the conversion table indicates whether the registration information of the conversion table is registration information for conversion data for converting the broken data into legitimate content data, or the identification information of the content reproduction device or content reproduction application program is ported. It is a type identifier for identifying whether the registration information is related to the conversion data having an identification mark for embedding.

If the registration information area of the conversion table is registration information relating to conversion data having an identification mark for porting identification information of the content reproducing apparatus or the content reproducing application program, the content reproducing apparatus or the content reproducing application program is used as the table registration information. The conversion data selectively applied according to the identification information of, i.e., the conversion data having the identification mark is registered.

The registration information [FM_ID_bit_position] of the conversion table is position information of bits to be referred to for determining the processing mode among the identification information for identifying the content reproduction apparatus or content reproduction application program consisting of a plurality of bits.

When the bit value of the bit to be referred to for determining the processing mode is 1, the conversion data having the identification mark is substituted for the content configuration data. If the bit value of the bit to be referred to is 0, the substitution process is not performed. The processing mode is determined in this way so that data conversion is performed.

Alternatively, it is also possible to set the conversion process to be executed when the reference bit is 0 and not to perform the conversion process when the reference bit is 1. Alternatively, the conversion data when the reference bit is 0 and the conversion data when 1 may be set as different conversion data, respectively, and the conversion data may be selectively set according to the bit value of the reference bit.

The conversion table is obfuscated by arithmetic processing or encryption processing that applies different parameters to each of the data of the partial conversion table having the conversion data corresponding to only some configuration data of the content.

The recording position of the conversion data recorded in each conversion table is set near the TS packet including the conversion table as shown in the lower part of FIG. For example, packets 511 and 512 each having a recording area of the conversion data are set in the vicinity of the packet 501 including the conversion table. Each of these packets is set in units of 1 GOP.

By setting it as such, when decoding and reproducing the content in real time, it is possible to execute data replacement processing by the converted data as a continuous processing after the decoding processing. By the detection and analysis processing of the TS packet including the conversion table, the conversion data is acquired, and the rewriting process of rewriting the conversion data in the position where the conversion table is recorded can be efficiently executed.

The conversion table is subjected to arithmetic processing or encryption processing to which the secret parameters SP1, SP2, SP3, ... are applied, and is stored in the information recording medium 310.

Specifically, each conversion table is subjected to an exclusive OR operation applying different secret parameters SP1, SP2, SP3, ..., and stored in each packet. The secret parameter consists of 128 bit data, for example. The secure VM 356 in FIG. 18 reads out the encrypted content 318 including the command code information from the information recording medium 310. The secure VM 356 intermittently, under the control of the event handler 354, in response to the input of the player information 355 before and during the content reproduction operation or the content output operation processing, the information recording medium 310. Generate and output the XOR secret parameters (SP1, SP2, SP3, ...) required for converting the conversion table recorded with the contents into the plain text conversion table. The output secret parameters SP1, SP2, SP3, ... are stored in the SP register 371. This process is performed intermittently in order.

According to the conversion program 315, the secure VM 356 shown in FIG. 18, in addition to the secret parameters SP1, SP2, SP3, ..., designates the number (SPNo.) Of each secret parameter and the data conversion program 315. ), The ID (FM_ID) of the set identification mark is generated and these values are output. These values are also stored in the SP register 371.

In real time processing block 381, the encrypted content 318 including the conversion table is decoded in step S401, and in step S402 the conversion table is demultiplexed by the demultiplexing process. Under the control of the real time event handler 361, table restoration is executed in step S403, and data conversion processing is executed in step S404. The table restoration in step S403 and the data conversion processing in step S404 are performed while the real-time event handler 361 monitors an event that may occur during the content reproduction operation or the content output operation. If the negative processing is detected, the processing is stopped.

In step S403, an exclusive OR operation is performed on the conversion parameter intermittently output from the secure VM 356 and stored in the SP register 371 and demultiplexed from the contents by the demultiplexer, and the conversion table is performed. The table is obtained.

Further, in step S404, the designated number SPNo. Of the secret parameter and the identification mark ID FM_ID of the secret parameter which are intermittently output from the secure VM 356 together with the secret parameter SPn and stored in the SP register 371 are obtained. The processing mode to which the conversion table is applied is determined by referring to these values. The conversion data recorded in the conversion table, that is, the conversion data having the conversion data and the identification mark, is recorded in the real time in parallel with the content reproduction operation or the content output operation at the position specified in the conversion table.

If the secret parameters SP1, SP2, SP3, ... are exclusive OR operations with the divided conversion table containing the conversion data corresponding to the predetermined partial data unit, the table restoration processing is performed in step S403 as follows. Is executed:

[Conversion Table 1] (XOR) [SP1],

[Conversion table 2] (XOR) [SP2],

[Conversion Table 3] (XOR) [SP3],

...

By executing these exclusive OR operations, the plain text conversion table is obtained. In the above formula, [A] (XOR) [B] means an exclusive OR operation of A and B.

Referring to Fig. 21, the writing operation of the conversion data will be described. The secret parameters SP1, SP2, SP3, ... are switched about every 10 seconds from the normal playback time of the content. Specifically, one fixed secret parameter is set as a parameter applicable only to the playback content for about 10 seconds. The same secret parameter is applied to each content reproduction section (0 to T, T to 2T, 2T to 3T, ...) in FIG.

According to this embodiment, the section to which the same secret parameter is applied is about 10 seconds in the normal playback mode. Even if one secret parameter is leaked, only 10 seconds of content can be played back, so that solid content leak prevention is realized.

Processing after table restoration in step S403 and processing after data conversion processing in step S404 are the same as those described with reference to FIG. 16, and are performed in real time in parallel with the content reproduction operation or the content output operation. Specifically, the demultiplexing process is executed in step S405, and the decode process is executed in step S406. These processes are executed in real time in parallel with the content reproduction operation or the content output operation.

In the process of Fig. 18, the real time event handler 361 is set to execute the table restoration in step S403 and the data conversion process in step S404. The table restoration in step S403 and the data conversion process in step S404 are executed while the real-time event handler 361 monitors an event that may occur during the content reproduction operation or the content output operation. Alternatively, the data conversion process may be executed in real time without performing event monitoring. In this structure, as shown in FIG. 22, the real-time event handler 361 of FIG. 18 is omitted.

According to the seventh content reproduction process, the configuration data of the conversion table corresponding to the entire content is divided, and different secret parameters SPn are mapped to each divided conversion table, and the exclusive logical sum is applied to the divided conversion tables to which different secret parameters are applied. The operation is executed and the result is stored in the information recording medium 310. Since the secure VM 356 is configured to output these secret parameters intermittently, even if a part of the secret parameters leaks, it is not possible to acquire all of the converted data stored in the conversion table. As a result, it is impossible to restore the entire content, and more robust content use management is realized.

In this processing sequence, similar to the processing described with reference to FIG. 10, real-time processing is realized without affecting the processing of content reproduction and external output. When an illegal process is detected in the content reproduction process, the secure VM 356 stops the process according to the illegal process detection information from the event handler 354. The generation of the converted data is stopped, and the reproduction or external output of the illegal content ends in the middle.

An eighth content reproduction process will be described with reference to FIG. 23 shows an information recording medium 310, a drive 330, and a host application 350 in which encrypted contents are stored, from the left side. Since the MKB (Media Key Block), the title key file, and the processing to which they are applied are the same as the first content reproduction processing described with reference to FIG. 6, they are omitted here. In the information recording medium 310, an encrypted content 313, a conversion table 314, and a data conversion program 315 are stored.

As in the seventh content reproduction processing described above, the eighth content reproduction processing shown in FIG. 23 applies a secret parameter SP to perform a process of restoring a portion of the conversion table to the plain text table. In the seventh content reproduction process, however, the conversion table divided into plural numbers is stored in a packet by applying an exclusive OR operation applying different secret parameters SP1, SP2, SP3, ... to the packet. In the above, the encrypted content 313 and the conversion table 314 are stored in the information recording medium 310 as separate files.

In the eighth content reproduction process, the process of the block "381" indicated by the dotted line is executed in real time, and the process of the block "383" indicated by the dotted line is executed as the intermittent process. That is, the secure VM 356 intermittently outputs the secret parameter SP so as to meet the time in the content reproduction operation or the content output operation. In the eighth content reproduction process, the secure VM 356 obtains a conversion table from the information recording medium 310, and stores the conversion table for the exclusive-OR operation (XORed) table storage unit 372. The storage processing for the exclusive OR operation of the conversion table (XORed) by the secure VM 356 is performed by performing an exclusive OR operation on the partial data of the conversion table corresponding to the output secret parameter SP. (XORed) The table storage unit may be executed as a step-by-step process for storing in the table storage unit 372 or the OROR table is exclusively ORed before the content playback operation or the content output operation. It may also be executed as a batch process to be stored at 372.

The conversion table is set as one independent data. A plurality of conversion table blocks (FUT blocks) are stored in the conversion table file. Before the plurality of conversion table blocks (FUT blocks) are stored, an exclusive OR (XOR) arithmetic operation to which different secret parameters SP1, SP2, SP3, ... are applied is performed.

With reference to FIGS. 24-26, the data structure of a conversion table is demonstrated.

24 shows the overall data structure of the conversion table.

FIG. 25 shows the data structure of one conversion table block (FUT block) among a plurality of conversion table blocks (FUT blocks) included in the conversion table.

Fig. 26 shows the data structure of the conversion data entry in the conversion table block (FUT).

As shown in Fig. 24, the conversion table includes the following data:

Number of FUT blocks: Number of conversion table blocks

Length of FUT block: The byte length of the conversion table block

SP_No: secret parameter (SP) number (corresponding to the SP generated by the secure VM 356)

First SPN for FUT block: location of allocated packet for translation table block

FUT block (): conversion table block (the conversion table block is obfuscated with different parameters)

The conversion table includes a plurality of conversion table blocks (FUTs), and the plurality of conversion table blocks (FUTs) are stored by being subjected to exclusive OR (XOR) arithmetic processing by different secret parameters SP1, SP2, SP3, ... have.

FIG. 25 shows a data structure of one of a plurality of conversion table blocks (FUT blocks) included in the conversion table shown in FIG. 24. As shown in FIG. 25, the conversion table block (FUT block) includes the following data:

Number of FixUpEntry in this block: Number of transform data units (including transform data units with identification marks)

Base SPN for FixUpEntry: the location of the base packet serving as an indicator of the recording location of the translation data

FixUpEntry (): Translation table block is obfuscated with secret parameter

FIG. 26 shows the data structure of the conversion data entry FixUpEntry included in the conversion table block of FIG. As shown in Fig. 26, the conversion data entry FixUpEntry includes the following data:

type_indicator: type identifier, 00: no conversion processing, 01b: conversion processing is executed, 10b and 11b: conversion processing by conversion data having a forensic mark is executed

FM_ID_bit_position: Identification bit position of player ID corresponding to converted data with forensic mark

relative_SPN: Packet location of the transformed data (number of packets from the programmable map table (PMT))

byte_position: The position of the translation data recording in the packet

overwrite_value: conversion data (including conversion data with identification marks)

relative_SPN_2: second packet position of the converted data (the number of packets from the PMT)

byte_position_2: the recording position of the second translation data in the packet

overwrite_value_2: second transform data (including transform data with identification marks).

The conversion table is set as a conversion table having conversion data to be substituted for a part of the content data and setting positional information for the content of the conversion data. By applying this conversion table, a data conversion program including a replacement processing instruction for content configuration data is executed to perform data conversion.

The information [type_indicator] included in the conversion data entry (FixUpEntry) included in the conversion table block of FIG. 26 indicates whether the registration information of the conversion table is registration information relating to conversion data for converting the broken data into valid content data, or It is a type identifier for identifying whether it is registration information about conversion data having an identification mark for porting identification information for identifying a content reproducing apparatus or a content reproducing application program.

If the registration information area of the conversion table is a registration information area relating to conversion data having an identification mark for porting identification information of the content reproducing apparatus or the content reproducing application program, the identification information of the content reproducing apparatus or the content reproducing application program is used. The conversion data selectively applied according to this, that is, conversion data having an identification mark is registered as table registration information.

The registration information [FM_ID_bit_position] is position information of bits to be referred to for determining a processing mode among identification information of a content reproducing apparatus or a content reproducing application program composed of a plurality of bits. When the value of the bit to be referred to is 1, converted data having an identification mark is substituted for the content configuration data. If the value of the bit to be referred to is 0, no substitution is performed. The processing mode is determined in this way, and data conversion processing is executed.

Conversely, it is also possible to set the conversion to be executed when the reference bit is 0 and not to perform the conversion when the reference bit is 1. Alternatively, the conversion data when the reference bit is 0 and the conversion data when 1 are set as different conversion data, respectively, and the conversion data may be selectively set in accordance with the bit value of the reference bit.

In the eighth content reproduction process, the conversion table includes a plurality of conversion table blocks (FUTs). These multiple conversion table blocks FUT are each subjected to an exclusive OR operation with different secret parameters SP1, SP2, SP3, ... before being stored. The conversion table is stored in the information recording medium 310 as independent file data, but as described with reference to Figs. 24 to 26, the conversion table includes a plurality of conversion table blocks (FUT blocks), and the plurality of conversion tables Each block (FUT block) is subjected to an exclusive OR operation with different secret parameters SP1, SP2, SP3, ..., and the result value is stored in the information recording medium 310. The secret parameter consists of 128 bit data, for example.

The secure VM 356 in FIG. 23 reads from the information recording medium 310 the encrypted content 318 including the command code information. The secure VM 356 intermittently under the control of the event handler 354 before or during the content reproduction operation or the content output operation processing, in response to the input of the player information 355, the information recording medium 310. An exclusive logical OR (XOR) secret parameter SP1, SP2, SP3, ... required for converting the conversion table block (FUT block) included in the conversion table 314 recorded in " The output secret parameters SP1, SP2, SP3, ... are stored in the SP register 371.

The conversion table block (FUT block) includes conversion data corresponding to a part of the content and recording position information of the conversion data, similarly to the divided conversion table described with reference to the seventh content reproduction process. As described with reference to FIG. 21, the conversion table block includes conversion data corresponding to a portion of content of about 10 seconds.

In addition to the secret parameters SP1, SP2, SP3, ..., the secure VM 356 shown in FIG. 23 has a designation number (SPNo.) Of each secret parameter and an identification mark set in accordance with the data conversion program 315. ID (FM_ID) is generated and these values are output. These values are also stored in the SP register 371.

In the real time processing block 381, the decryption of the encrypted content 318 is executed in step S451, and in step S452 one of the conversion table blocks stored in the exclusive-OR operation (XORed) table storage unit 372 is obtained. . An exclusive OR (XOR) operation of the secret parameter SPn stored in the SP register 371 is executed, and a conversion table block FUT as plain text data is obtained.

In step S453, the secret number SPn is intermittently output from the secure VM 356 and stored in the SP register 371, and the designated number SPNo. Of the secret parameter and the ID FM_ID of the identification mark are obtained. do. These values are referenced to determine the processing mode applied by the conversion table. The conversion data recorded in the conversion table, that is, the conversion data having the conversion data and the identification mark is written at the position designated in the conversion table. These processes are executed in real time in parallel with the content reproduction operation or the content output operation under the control of the real time event handler 361. The real time event handler 361 controls the processing while monitoring an event occurring during the content reproduction operation or the content output operation. For example, if a negative process is detected, the process is stopped.

The use processing of the concrete conversion table is demonstrated. The type identifier [type_indicator] in the conversion table shown in FIG. 26 is first checked. If this type identifier [type_indicator] indicates the insertion of the conversion data having an identification mark (type_indicator = (10b or 11b)), it is determined that the processing mode of the conversion data having the identification mark is [FM_ID_bit_position] in the conversion table. The bit position information of the ID is referred to. The position represented by the plurality of identification bits FM_ID in the conversion table is identified. If the type identifier [type_indicator] is 10b, 0 bits are added to FM_ID_bit_position, and if the type identifier [type_indicator] is 11b, 64 bits are added to FM_ID_bit_position. In this way, the FM_ID can be represented with fewer bits. Then, data of the bit position of the identified FM_ID is obtained. If the FM_ID bit is 1, the configuration data of the content to which the converted data is applied is converted. If the FM_ID bit is 0, the conversion process is not performed. Conversely, if the FM_ID bit is 1, no conversion processing is performed, and if the FM_ID bit is 0, it is also possible to convert the configuration data of the content to which the converted data is applied.

By this process, data corresponding to the player ID is transplanted into the reproduction data. When the transformation process is performed, the first conversion data [overwrite_value] and the second conversion data [overwrite_value_2] set in the conversion table are rewritten in two positions. The removal of the FM_ID data becomes more difficult, and the burden on the playback apparatus can be lighter than the restriction of setting [overwrite_value]. When the type identifier [type_indicator] is 01b, the conversion data is not conversion data having an identification mark, that is, conversion data to be replaced with broken data, so it is necessary to confirm the FM_ID of the playback device in performing the conversion process. none.

In the exclusive logical OR operation (XOR) in step S452, if the secret parameters SP1, SP2, SP3, ... are exclusive logical OR (XOR) calculation parameters set for the conversion table block (FUT block), the table is restored in step S452. The processing is performed as follows:

[FUT block 1] (XOR) [SP1],

[FUT block 2] (XOR) [SP2],

[FUT block 3] (XOR) [SP3],

...

By performing the exclusive-OR operation, the plain text conversion table block data is obtained. [A] (XOR) [B] in the above formula means an exclusive OR operation of A and B.

According to these conversion table blocks, a write operation of the conversion data and a write operation of the conversion data having an identification mark are performed on a part of the configuration data of the content. The content reproduction section of the conversion table block is the same as the content reproduction section of the seventh content reproduction process, and becomes each section of the content reproduction sections 0 to T, T to 2T, and 2T to 3T in FIG. The same secret parameter applies to each section.

According to this embodiment, the section to which the same secret parameter is applied is about 10 seconds in normal playback, and even if only one secret parameter is leaked, only 10 seconds of content can be played back, so that robust content leakage prevention is realized.

Processing after the data conversion processing in step S453 is the same as that described in the seventh content reproduction processing, and is performed in real time in parallel with the content reproduction operation or the content output operation. Specifically, the demultiplexing process is executed in step S454, and the decode process is executed in step S455. These processes are executed in real time in parallel with the content reproduction operation or the content output operation.

In the eighth content reproduction process, the real time event handler 361 controls the table restoration in step S452 and the data conversion process in step S453 while monitoring the events that may occur during the content reproduction operation or the content output operation. Alternatively, the data conversion process may be performed without performing such event monitoring. In this case, as shown in FIG. 27, the real time event handler 361 of FIG. 23 is omitted.

In the eighth content reproduction process, the conversion data block (FUT block) obtained by dividing the configuration data of the conversion table corresponding to the entire content is subjected to an exclusive OR operation using different secret parameters SPn in correspondence with different secret parameters SPn. After this is applied, it is stored in the information recording medium. The secure VM 356 intermittently generates secret parameters and the like. Even if some of the secret parameters are leaked, it is not possible to obtain the entire converted data stored in the conversion table. As a result, it becomes impossible to restore the entire content, and more robust content usage management is realized.

As in the processing described with reference to Fig. 10, this processing sequence is realized in real time without affecting the processing of content reproduction and output. When an illegal process is detected in the content reproduction process, the secure VM 356 stops the process in response to the illegal process detection information from the event handler 354, so that generation of the converted data is stopped, and reproduction or output of the illegal content is stopped. It is possible to end the operation in the meantime.

Although the data structure of the configuration data of the conversion table has been described with reference to FIGS. 24 to 26, the conversion table may have various data structures. For example, the conversion table described with reference to FIG. 24 may be configured as shown in FIG. 28. FIG. 28 shows an example of recording the conversion table of FIG. 24 in another structure. The secret parameter (SP) number may be replaced with the block number of the translation table block. [First SPN for FUT block] may be replaced with the value of the first " Base SPN for FixUpEntry " in [FUT block ()] defined in FIG. "Base SPN for FixUpEntry"] is not obfuscated by the exclusive OR operation with the secret parameter (SP), and to determine [FUT block ()] during random access even when there is no secret parameter (SP). Used. Thus, the table shown in FIG. 28 has the simpler structure than that shown in FIG. 24 and provides the same information as the conversion table of FIG. In the above description, the conversion table is stored in a packet or in a file on an information recording medium. Alternatively, the conversion table may be stored in a packet and stored in a file on the information recording medium 310. For example, a translation table stored as a file is used in a device characterized by a large memory capacity and a low processing rate, while a translation table in a packet is used in a device characterized by a small memory capacity and a low processing speed.

Next, with reference to FIG. 29, the hardware structure of the information processing apparatus 800 which runs an application program as a host is demonstrated. The information processing apparatus 800 includes a CPU 809 for executing data processing according to various programs such as an operating system (OS), a content reproduction application program, a content recording application program, and a mutual authentication processing program, and a program and a parameter. ROM 808 and memory 810 as a storage area for storing the data, an input / output I / F 802 for inputting and outputting digital signals, and an A / D converter and a D / A converter for inputting and outputting analog signals. Input / output I / F (804) having the same function, MPEG codec (803) for encoding and decoding MPEG data, and TS / PS processor (806) for executing TS (Transport Stream) and PS (Program Stream) processing. ), An encryption processor 807 for executing various encryption processes including mutual authentication processing and encryption processing, a recording medium 812 such as a hard disk, and a recording medium 812 to drive data recording and reproduction scenes. A drive 811 for performing call input and output, and a bus 801 for interconnecting these elements.

The information processing apparatus (host apparatus) 800 is connected to the drive via a bus such as an AT attachment packet interface (ATAPI) bus. The conversion table and contents are input and output via the digital signal input / output I / F 802. The encryption processor 807 executes encryption processing and decryption processing using an Advance Encryption Standard (AES) algorithm.

A program for executing the content reproduction process or the content recording process is, for example, in the ROM 808, and during execution of the program, parameters and data are applied to the memory 810 as a work area.

The ROM 808 or the recording medium 812 stores a public key of the control center, a host corresponding secret key, a host corresponding public key certificate, and a drive CRL as an invalidation list.

The data conversion program acquired from the information recording medium is used to perform the content reproduction operation or the content output operation. The first to eighth content reproduction processes including decryption of the encrypted content, restoration of the conversion table, and conversion data writing process corresponding to the stored data of the conversion table are executed.

Next, an information recording medium, an information recording medium manufacturing method, and an information recording medium manufacturing apparatus will be described. An information recording medium is a recording medium on which content is recorded and / or reproduced.

The information recording medium manufacturing apparatus is an apparatus for manufacturing the information recording medium 100 for storing the record data described with reference to FIG.

The information recording medium manufacturing apparatus has (a) content containing broken data different from the legitimate content composition data, and (b) converted data which is legitimate content composition data to be replaced with the broken data. A data processor for generating a data conversion program including a conversion table having setting position information for the data, and (c) an execution instruction used for substitution processing for content configuration data to which the conversion table is applied; A conversion table, and a data recorder for recording the data conversion program on the information recording medium.

In the information recording medium manufacturing apparatus of an embodiment of the present invention, the data processor generates a conversion table having conversion data selectively applied according to the identification information of the content reproduction apparatus or the content reproduction application program, and the data recorder according to the identification information. Record a conversion table containing conversion data that is optionally applied. In the information recording medium manufacturing apparatus of another embodiment of the present invention, the data processor obfuscates using arithmetic processing or encryption processing that applies different parameters to a partial conversion table having conversion data corresponding to only partial configuration data of the content. Create a converted conversion table, and the data recorder records the obfuscated conversion table.

In the information recording medium manufacturing apparatus of another embodiment of the present invention, the data processor generates the content data in which the obfuscated conversion table is interspersed in the stream packet of the content including the broken data, and the data recorder is obfuscated. The content data including the converted conversion table.

As described with reference to Fig. 1, an information recording medium generated by such a manufacturing apparatus includes (a) content containing broken data different from legitimate content configuration data, and (b) legitimate object to be replaced with broken data. A data conversion program having conversion data that is content configuration data, and having a conversion table having setting positional information on the content of the conversion data, and (c) an execution command used for substitution processing for content configuration data to which the conversion table is applied. Save it.

The conversion table recorded on the information recording medium includes conversion data for which a part of the content data is to be replaced, a conversion table including setting position information on the content of the conversion data, and replacement of the content configuration data to which the conversion table is applied. It includes a data conversion program including an execution instruction used for processing. The registration information of the conversion table is registration information about conversion data for converting the broken data into legitimate content data, or registration about conversion data having an identification mark for porting identification information of the content reproduction device or content reproduction application program. It includes a type identifier that identifies whether the information.

When the registration information of the conversion table is registration information about conversion data having an identification mark for porting identification information of the reproduction device or the content reproduction application program, the registration information of the conversion table further includes the content reproduction device or the content reproduction application. It includes conversion data that is selectively applied according to the identification information of the program. The conversion table includes position information of bits to be referred to for determining the processing mode among the identification information of the reproduction device or reproduction application program composed of a plurality of bits.

The conversion table utilizes arithmetic processing or cryptographic processing to apply different parameters to the partial conversion table having the conversion data corresponding only to the partial configuration data of the content. For example, the information recording medium stores, as record data, content data in which an obfuscated conversion table is interspersed in a stream packet of content containing broken data.

The series of processing steps described above can be executed by hardware, software, or a combination of both. When a series of processing steps are performed by software, a program forming the software is installed in a memory in a computer built in dedicated hardware or in a general-purpose computer capable of executing various processes.

The program can be recorded in advance in a hard disk and a ROM (Read Only Memory) as a recording medium. Alternatively, the program may be temporarily or permanently stored on a removable recording medium including a flexible disk, a compact disc read only memory (CD-ROM), a magneto optical (MO) disk, a digital versatile disc (DVD), a magnetic disk, and a semiconductor memory. Can be stored. Such a removable recording medium can be provided as so-called package software.

The program can be installed in the computer from the recording medium as described above. In addition, the program may be transmitted from the download site to the computer in a wireless manner, or may be transmitted to the computer in a wireless or wired manner through a network such as a local area network (LAN) or the Internet. The computer can receive the transferred program and store it in a recording medium such as an internal hard disk.

The various processing steps described in the specification can be executed not only in time series as substantially described, but also in parallel or separately. In this specification, a system refers to one or a plurality of devices.

Those skilled in the art will fully appreciate that various modifications, combinations, partial combinations and changes may be made without departing from the spirit of the invention as defined in the appended claims or equivalents thereof.

Claims (40)

A reproduction apparatus for performing reproduction processing of content, A data conversion processing unit for replacing at least a part of content configuration data constituting the content with converted data, The data conversion processing unit is configured to execute data conversion processing according to recording information of a conversion table, The conversion table, (1) registration information including the conversion data; (2) the registration information, (2a) is registered information including conversion data for converting abnormal data into legitimate content data, or (2b) registration information including conversion data for planting identification information of the playback apparatus or the content playback application. The type identifier to identify, (3) Substitution position information of the conversion data And, Wherein the data conversion processing unit comprises: Changing and executing the substitution processing by the converted data of the content configuration data at the position indicated by the substitution position information according to the type identifier, Playback device. The method of claim 1, Wherein the data conversion processing unit comprises: The type identifier, the registration information of the conversion table, (2a) in the case of indicating that it is registered information including conversion data for converting abnormal data into legitimate content data, And a processing for replacing the legitimate content that is the content configuration data with abnormal data that is different from the legitimate content data included in the registration information of the conversion table. The method of claim 1, Wherein the data conversion processing unit comprises: The type identifier, the registration information of the conversion table, (2b) when it is indicated that it is registered information including conversion data for planting identification information of a playback device or a content playback application, And a part of the content, which is the content configuration data, with or without the conversion data included in the registration information of the conversion table, based on the configuration bits of the identification information of the content reproducing apparatus or the content reproducing application. 4. The method according to any one of claims 1 to 3, Wherein the data conversion processing unit comprises: A reproducing apparatus configured to execute an exclusive-OR operation (XOR) calculation process to which different parameters are applied in a predetermined reproducing unit to a plurality of conversion data included in one or more conversion tables, and to acquire a conversion data that is replacement data. . 5. The method of claim 4, Wherein the data conversion processing unit comprises: The calculation process of the other parameter is executed as an intermittent process in synchronization with the reproduction or external output of the content, A reproducing apparatus, which is configured to acquire converted data corresponding to other content configuration data in accordance with arithmetic processing or encryption processing based on other parameters that are sequentially and sequentially calculated. 5. The method of claim 4, Wherein the data conversion processing unit comprises: A reproducing apparatus, which is configured to execute a calculation process of the parameter by a virtual machine. 4. The method according to any one of claims 1 to 3, Wherein the data conversion processing unit comprises: The divided conversion table distributed and divided into the configuration packet of the content is sequentially obtained, and the conversion data, which is replacement data corresponding to only partial configuration data of the content, and the recording position information of the converted data, are sequentially obtained from the divided conversion table. A reproducing apparatus, configured to perform a process of acquiring a message. 4. The method according to any one of claims 1 to 3, The playback device, A decoding processing unit which performs decoding processing of the contents, Wherein the data conversion processing unit comprises: A reproduction device according to the present invention, wherein the decoding processing unit executes a process of replacing content configuration data of decoded content with the converted data. An information recording medium manufacturing apparatus, Content containing abnormal data different from party content composition data, A conversion table having conversion data which is party content configuration data to be replaced with the abnormal data, and which records setting position information on the content of the conversion data; A data processing unit for acquiring a data conversion processing program used for the substitution processing of the content configuration data to which the conversion table is applied; A data recording unit for recording the contents including the abnormal data, the conversion table, and the data conversion processing program on an information recording medium. And, The conversion table obtained by the data processing unit, (1) registration information including the conversion data; (2) the registration information, (2a) is registered information including conversion data for converting abnormal data into legitimate content data, or (2b) registration information including conversion data for planting identification information of the playback apparatus or the content playback application. The type identifier to identify, (3) Substitution position information of the conversion data An information recording medium manufacturing apparatus having a. 10. The method of claim 9, The data processing unit, A conversion table for setting conversion data selectively applied based on identification information of the content reproducing apparatus or the content reproducing application, The data recording unit, An information recording medium manufacturing apparatus, comprising: a structure for executing a recording process of a conversion table including conversion data selectively applied based on the identification information. 10. The method of claim 9, The data processing unit, Acquiring the obfuscated conversion table by arithmetic processing or encryption processing with different parameters for each of the partial conversion table data in which the conversion data corresponding to only partial configuration data of the content is recorded, The data recording unit, An information recording medium manufacturing apparatus, comprising: a structure for executing a recording process of the obfuscated conversion table. 12. The method of claim 11, The data processing unit, In a stream packet having the content including the abnormal data as configuration data, the content data obtained by scattering and arranging the obfuscated conversion table is obtained; The data recording unit, An information recording medium manufacturing apparatus, which is configured to execute a recording process of content data arranged by scattering the obfuscated conversion table. An information processing method to be executed in a playback device that executes playback processing of content, A data conversion step of converting, by the data conversion processing unit, at least a part of the content configuration data constituting the content into converted data; The data conversion step is a step of performing a data conversion process according to the recording information of the conversion table, The conversion table, (1) registration information including the conversion data; (2) the registration information, (2a) is registered information including conversion data for converting abnormal data into legitimate content data, or (2b) registration information including conversion data for planting identification information of the playback apparatus or the content playback application. The type identifier to identify, (3) Substitution position information of the conversion data And, The data conversion step, Changing and executing the substitution processing by the converted data of the content configuration data at the position indicated by the substitution position information according to the type identifier, Information processing method. An information recording medium manufacturing method performed by an information recording medium manufacturing apparatus, A data processing unit of the information recording medium manufacturing apparatus includes: content including abnormal content data different from party content configuration data; A conversion table having conversion data which is party content configuration data to be replaced with said abnormal data, and setting setting position information on the content of said conversion data; A data conversion step of acquiring a data conversion processing program used for the substitution processing of the content configuration data to which the conversion table is applied; The data recording unit of the information recording medium manufacturing apparatus executes a data recording step of recording the contents including the abnormal data, the conversion table, and the data conversion processing program on an information recording medium, The conversion table obtained in the data processing step, (1) registration information including the conversion data; (2) the registration information, (2a) is registered information including conversion data for converting abnormal data into legitimate content data, or (2b) registration information including conversion data for planting identification information of the playback apparatus or the content playback application. The type identifier to identify, (3) Substitution position information of the conversion data An information recording medium manufacturing method comprising: A computer-readable recording medium having recorded thereon a playback application / program for executing information processing in a playback device that executes a playback process of content, The data conversion processing unit replaces at least a part of content configuration data constituting the content with conversion data to execute a data conversion step, The data conversion step is a step of executing a data conversion process according to the recording information of the conversion table, The conversion table, (1) registration information including the conversion data; (2) the registration information, (2a) is registered information including conversion data for converting abnormal data into legitimate content data, or (2b) registration information including conversion data for planting identification information of the playback apparatus or the content playback application. The type identifier to identify, (3) Substitution position information of the conversion data And, In the data conversion step, A computer-readable recording medium having recorded thereon a reproducing application / program which changes and executes the substitution processing by the converted data of the content configuration data at the position indicated by the substitution position information according to the type identifier. As an authoring device, Content containing abnormal data different from party content composition data, A conversion table having conversion data which is party content configuration data to be the target of replacement of said abnormal data, and recording setting position information on the content of said conversion data; Data processing unit for generating a data conversion processing program used for the substitution processing of the content configuration data to which the conversion table is applied And, The conversion table generated by the data processing unit, (1) registration information including the conversion data; (2) the registration information, (2a) is registration information including conversion data for converting abnormal data into legitimate content data, or (2b) registration information including conversion data for planting identification information of the playback apparatus or the content playback application. The type identifier to identify, (3) Substitution position information of the conversion data An authoring apparatus, comprising. delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete delete

Images